The importance of having an Information Security Policy is not only now being acknowledged even by top management of organisations but has also been recently made mandatory by the Reserve Bank of India (RBI) for banks operating in India, informs Praveen Dalal, managing partner of new Delhi based law firm Perry4Law and leading techno legal expert of India.

In fact, recently the RBI has released its Information Technology Vision Document 2011-17 that endorses the requirements for having strong information security for online banking and offline banking transactions. The document also mandates that all banks would have to create a position of chief information officers (CIOs) as well as steering committees on information security at the board level at the earliest, informs Dalal.

Lack of information security policy of India is also casting doubts whether India is capable of tackling the cyber terrorism attacks against it. Further, cases of cyber espionage and cyber attacks are also increasing in India.

On top of it, we have a weak cyber law of India that gives a free hand to cyber criminals’ world wide. If India wishes to secure its cyberspace, it must formulate a robust and effective information security policy of India. This policy must be supplemented by stringent cyber laws of India. Till these steps are taken, Indian cyberspace would remain vulnerable to cyber attacks, cyber terrorism and cyber espionage.